trezor-firmware/src/apps/common/request_pin.py

from trezor import ui
from trezor import wire
from trezor.utils import unimport

if __debug__:
    matrix = None


@unimport
async def request_pin_on_display(session_id: int, code: int=None) -> str:
    from trezor.messages.ButtonRequest import ButtonRequest
    from trezor.messages.ButtonRequestType import ProtectCall
    from trezor.messages.FailureType import PinCancelled
    from trezor.messages.wire_types import ButtonAck
    from trezor.ui.confirm import ConfirmDialog, CONFIRMED
    from trezor.ui.pin import PinMatrix

    if __debug__:
        global matrix

    _, label = _get_code_and_label(code)

    await wire.call(session_id,
                    ButtonRequest(code=ProtectCall),
                    ButtonAck)

    ui.display.clear()
    matrix = PinMatrix(label)
    dialog = ConfirmDialog(matrix)
    pin = matrix.pin
    matrix = None

    if await dialog != CONFIRMED:
        raise wire.FailureError(PinCancelled, 'PIN cancelled')
    return pin


@unimport
async def request_pin_on_client(session_id: int, code: int=None) -> str:
    from trezor.messages.FailureType import PinCancelled
    from trezor.messages.PinMatrixRequest import PinMatrixRequest
    from trezor.messages.wire_types import PinMatrixAck, Cancel
    from trezor.ui.pin import PinMatrix

    if __debug__:
        global matrix

    code, label = _get_code_and_label(code)

    ui.display.clear()
    matrix = PinMatrix(label)
    matrix.render()

    ack = await wire.call(session_id,
                          PinMatrixRequest(type=code),
                          PinMatrixAck, Cancel)
    digits = matrix.digits
    matrix = None

    if ack.MESSAGE_WIRE_TYPE == Cancel:
        raise wire.FailureError(PinCancelled, 'PIN cancelled')
    return _decode_pin(ack.pin, digits)


request_pin = request_pin_on_client


@unimport
async def request_pin_twice(session_id: int) -> str:
    from trezor.messages.FailureType import PinInvalid
    from trezor.messages import PinMatrixRequestType

    pin_first = await request_pin(session_id, PinMatrixRequestType.NewFirst)
    pin_again = await request_pin(session_id, PinMatrixRequestType.NewSecond)
    if pin_first != pin_again:
        raise wire.FailureError(PinInvalid, 'PIN invalid')

    return pin_first


async def protect_by_pin_repeatedly(session_id: int, at_least_once: bool=False):
    from . import storage

    locked = storage.is_locked() or at_least_once
    while locked:
        pin = await request_pin(session_id)
        locked = not storage.unlock(pin, _render_pin_failure)


async def protect_by_pin_or_fail(session_id: int, at_least_once: bool=False):
    from trezor.messages.FailureType import PinInvalid
    from . import storage

    locked = storage.is_locked() or at_least_once
    if locked:
        pin = await request_pin(session_id)
        if not storage.unlock(pin, _render_pin_failure):
            raise wire.FailureError(PinInvalid, 'PIN invalid')


protect_by_pin = protect_by_pin_or_fail


def _render_pin_failure(sleep_ms: int):
    ui.display.clear()
    ui.display.text_center(240, 240, 'Sleeping for %d seconds' % (sleep_ms / 1000),
                           ui.BOLD, ui.RED, ui.BLACK)


def _get_code_and_label(code: int) -> str:
    from trezor.messages import PinMatrixRequestType
    if code is None:
        code = PinMatrixRequestType.Current
    if code == PinMatrixRequestType.NewFirst:
        label = 'Enter new PIN'
    elif code == PinMatrixRequestType.NewSecond:
        label = 'Enter PIN again'
    else:  # PinMatrixRequestType.Current
        label = 'Enter PIN'
    return code, label


def _decode_pin(pin: str, secret: list) -> str:
    return ''.join([str(secret[int(d) - 1]) for d in pin])
add ResetDevice workflow 2016-06-09 14:28:34 +00:00			`from trezor import ui`
add wipe, wire.write is a generator, add trezor/workflows 2016-06-06 12:10:36 +00:00			`from trezor import wire`
unify unimport_func and unimport_gen, asyncify 2016-09-21 12:24:12 +00:00			`from trezor.utils import unimport`
add wipe, wire.write is a generator, add trezor/workflows 2016-06-06 12:10:36 +00:00
apps.common: add protect_with_pin, adjust seed.py 2016-11-23 13:51:39 +00:00			`if __debug__:`
			`matrix = None`
apps.common: add client-side pin input method 2016-11-16 13:23:05 +00:00
add wipe, wire.write is a generator, add trezor/workflows 2016-06-06 12:10:36 +00:00
workflow monitor, reset_device layout work - request/response manner of usual protobuf workflows is enforced, workflows are expected to either return a valid protobuf response, or raise an exception - added wire.FailureError exception that allows workflow to provide Failure code & message - pin workflows simplified TODO: all this workflow work does not really belong in trezor.wire 2016-09-25 14:00:21 +00:00			`@unimport`
apps.common: add client-side pin input method 2016-11-16 13:23:05 +00:00			`async def request_pin_on_display(session_id: int, code: int=None) -> str:`
workflow monitor, reset_device layout work - request/response manner of usual protobuf workflows is enforced, workflows are expected to either return a valid protobuf response, or raise an exception - added wire.FailureError exception that allows workflow to provide Failure code & message - pin workflows simplified TODO: all this workflow work does not really belong in trezor.wire 2016-09-25 14:00:21 +00:00			`from trezor.messages.ButtonRequest import ButtonRequest`
			`from trezor.messages.ButtonRequestType import ProtectCall`
			`from trezor.messages.FailureType import PinCancelled`
			`from trezor.messages.wire_types import ButtonAck`
add wipe, wire.write is a generator, add trezor/workflows 2016-06-06 12:10:36 +00:00			`from trezor.ui.confirm import ConfirmDialog, CONFIRMED`
workflow monitor, reset_device layout work - request/response manner of usual protobuf workflows is enforced, workflows are expected to either return a valid protobuf response, or raise an exception - added wire.FailureError exception that allows workflow to provide Failure code & message - pin workflows simplified TODO: all this workflow work does not really belong in trezor.wire 2016-09-25 14:00:21 +00:00			`from trezor.ui.pin import PinMatrix`
add ResetDevice workflow 2016-06-09 14:28:34 +00:00
apps.common: add protect_with_pin, adjust seed.py 2016-11-23 13:51:39 +00:00			`if __debug__:`
			`global matrix`
apps.common: add client-side pin input method 2016-11-16 13:23:05 +00:00
			`_, label = _get_code_and_label(code)`

apps: reflect the wire api changes 2016-12-08 15:18:12 +00:00			`await wire.call(session_id,`
			`ButtonRequest(code=ProtectCall),`
			`ButtonAck)`
add ResetDevice workflow 2016-06-09 14:28:34 +00:00
ui: clear the screen before common layouts 2016-10-06 10:31:03 +00:00			`ui.display.clear()`
apps.common: add client-side pin input method 2016-11-16 13:23:05 +00:00			`matrix = PinMatrix(label)`
add ResetDevice workflow 2016-06-09 14:28:34 +00:00			`dialog = ConfirmDialog(matrix)`
apps.common: add client-side pin input method 2016-11-16 13:23:05 +00:00			`pin = matrix.pin`
			`matrix = None`

workflow monitor, reset_device layout work - request/response manner of usual protobuf workflows is enforced, workflows are expected to either return a valid protobuf response, or raise an exception - added wire.FailureError exception that allows workflow to provide Failure code & message - pin workflows simplified TODO: all this workflow work does not really belong in trezor.wire 2016-09-25 14:00:21 +00:00			`if await dialog != CONFIRMED:`
			`raise wire.FailureError(PinCancelled, 'PIN cancelled')`
apps.common: add client-side pin input method 2016-11-16 13:23:05 +00:00			`return pin`
add ResetDevice workflow 2016-06-09 14:28:34 +00:00
apps.common: add client-side pin input method 2016-11-16 13:23:05 +00:00
			`@unimport`
			`async def request_pin_on_client(session_id: int, code: int=None) -> str:`
			`from trezor.messages.FailureType import PinCancelled`
			`from trezor.messages.PinMatrixRequest import PinMatrixRequest`
			`from trezor.messages.wire_types import PinMatrixAck, Cancel`
			`from trezor.ui.pin import PinMatrix`

apps.common: add protect_with_pin, adjust seed.py 2016-11-23 13:51:39 +00:00			`if __debug__:`
			`global matrix`
apps.common: add client-side pin input method 2016-11-16 13:23:05 +00:00
			`code, label = _get_code_and_label(code)`

			`ui.display.clear()`
			`matrix = PinMatrix(label)`
			`matrix.render()`

apps: reflect the wire api changes 2016-12-08 15:18:12 +00:00			`ack = await wire.call(session_id,`
apps.common: fix request_pin 2017-01-17 16:43:08 +00:00			`PinMatrixRequest(type=code),`
apps: reflect the wire api changes 2016-12-08 15:18:12 +00:00			`PinMatrixAck, Cancel)`
apps.common: add client-side pin input method 2016-11-16 13:23:05 +00:00			`digits = matrix.digits`
			`matrix = None`

apps.common.request_pin: fix client cancel 2016-12-15 11:34:18 +00:00			`if ack.MESSAGE_WIRE_TYPE == Cancel:`
apps.common: add client-side pin input method 2016-11-16 13:23:05 +00:00			`raise wire.FailureError(PinCancelled, 'PIN cancelled')`
			`return _decode_pin(ack.pin, digits)`


			`request_pin = request_pin_on_client`
add ResetDevice workflow 2016-06-09 14:28:34 +00:00

workflow monitor, reset_device layout work - request/response manner of usual protobuf workflows is enforced, workflows are expected to either return a valid protobuf response, or raise an exception - added wire.FailureError exception that allows workflow to provide Failure code & message - pin workflows simplified TODO: all this workflow work does not really belong in trezor.wire 2016-09-25 14:00:21 +00:00			`@unimport`
apps.common: add client-side pin input method 2016-11-16 13:23:05 +00:00			`async def request_pin_twice(session_id: int) -> str:`
add ResetDevice workflow 2016-06-09 14:28:34 +00:00			`from trezor.messages.FailureType import PinInvalid`
apps.common: add client-side pin input method 2016-11-16 13:23:05 +00:00			`from trezor.messages import PinMatrixRequestType`
add ResetDevice workflow 2016-06-09 14:28:34 +00:00
apps.common: add client-side pin input method 2016-11-16 13:23:05 +00:00			`pin_first = await request_pin(session_id, PinMatrixRequestType.NewFirst)`
			`pin_again = await request_pin(session_id, PinMatrixRequestType.NewSecond)`
workflow monitor, reset_device layout work - request/response manner of usual protobuf workflows is enforced, workflows are expected to either return a valid protobuf response, or raise an exception - added wire.FailureError exception that allows workflow to provide Failure code & message - pin workflows simplified TODO: all this workflow work does not really belong in trezor.wire 2016-09-25 14:00:21 +00:00			`if pin_first != pin_again:`
			`raise wire.FailureError(PinInvalid, 'PIN invalid')`
add wipe, wire.write is a generator, add trezor/workflows 2016-06-06 12:10:36 +00:00
workflow monitor, reset_device layout work - request/response manner of usual protobuf workflows is enforced, workflows are expected to either return a valid protobuf response, or raise an exception - added wire.FailureError exception that allows workflow to provide Failure code & message - pin workflows simplified TODO: all this workflow work does not really belong in trezor.wire 2016-09-25 14:00:21 +00:00			`return pin_first`
apps.common: add client-side pin input method 2016-11-16 13:23:05 +00:00

apps.common: fix request_pin 2017-01-17 16:43:08 +00:00			`async def protect_by_pin_repeatedly(session_id: int, at_least_once: bool=False):`
apps.common: add protect_with_pin, adjust seed.py 2016-11-23 13:51:39 +00:00			`from . import storage`

apps.common.request_pin: add at_least_once 2016-12-19 10:32:08 +00:00			`locked = storage.is_locked() or at_least_once`
			`while locked:`
apps.common: add protect_with_pin, adjust seed.py 2016-11-23 13:51:39 +00:00			`pin = await request_pin(session_id)`
apps.common.request_pin: add at_least_once 2016-12-19 10:32:08 +00:00			`locked = not storage.unlock(pin, _render_pin_failure)`
apps.common: add protect_with_pin, adjust seed.py 2016-11-23 13:51:39 +00:00

apps.common: fix request_pin 2017-01-17 16:43:08 +00:00			`async def protect_by_pin_or_fail(session_id: int, at_least_once: bool=False):`
			`from trezor.messages.FailureType import PinInvalid`
			`from . import storage`

			`locked = storage.is_locked() or at_least_once`
			`if locked:`
			`pin = await request_pin(session_id)`
			`if not storage.unlock(pin, _render_pin_failure):`
			`raise wire.FailureError(PinInvalid, 'PIN invalid')`


			`protect_by_pin = protect_by_pin_or_fail`


apps.common: add protect_with_pin, adjust seed.py 2016-11-23 13:51:39 +00:00			`def _render_pin_failure(sleep_ms: int):`
			`ui.display.clear()`
apps.common: fix request_pin 2017-01-17 16:43:08 +00:00			`ui.display.text_center(240, 240, 'Sleeping for %d seconds' % (sleep_ms / 1000),`
apps.common: add protect_with_pin, adjust seed.py 2016-11-23 13:51:39 +00:00			`ui.BOLD, ui.RED, ui.BLACK)`


apps.common: add client-side pin input method 2016-11-16 13:23:05 +00:00			`def _get_code_and_label(code: int) -> str:`
			`from trezor.messages import PinMatrixRequestType`
			`if code is None:`
			`code = PinMatrixRequestType.Current`
			`if code == PinMatrixRequestType.NewFirst:`
			`label = 'Enter new PIN'`
			`elif code == PinMatrixRequestType.NewSecond:`
apps.common.request_pin: add at_least_once 2016-12-19 10:32:08 +00:00			`label = 'Enter PIN again'`
apps.common: add client-side pin input method 2016-11-16 13:23:05 +00:00			`else: # PinMatrixRequestType.Current`
			`label = 'Enter PIN'`
			`return code, label`


			`def _decode_pin(pin: str, secret: list) -> str:`
			`return ''.join([str(secret[int(d) - 1]) for d in pin])`